Archive for November, 2013

Brazil’s Internet Bill Could Increase Costs for Multinationals

From: NearshoresAmerica

By Silvia Rosa

A controversial draft bill soon to be voted on by the Brazilian Congress has caused great concern among multinational online companies such as Google, Facebook, Yahoo and Microsoft. The legislation known as the Marco Civil da Internet – a civil-rights framework for internet users and providers – requires online services providers to keep local-user information in data centers inside Brazil.

The bill was marked as urgent by President Dilma Rousseff following revelations by Edward Snowden, a former US National Security Agency contractor, that the NSA had monitored her staff communications and data belonging to Petrobras, the state oil company. This measure is one of several Brazilian government initiatives aimed at enhancing cyber security and making Brazilians’ communication less vulnerable.

CERT-UK gets off ground as Government appoints Chris Gibson as head

From: TechWorld


The Government has appointed former Citigroup e-crime head Chris Gibson as the founding director of the UK’s revamped but delayed Computer Emergency Response Team (CERT), CERT-UK.

Originally meant to be up and running in 2013 as part of the Government’s multi-pronged Cyber Security Strategy overhaul of the UK’s national security regime, delays in finding the right people have pushed CERT-UK’s operation that back to sometime in 2014.

News that Gibson began his job on 11 November is still an important moment.

Energy Security: A constantly changing paradigm

From: OilVoice

Posted by Fleming Gulf

Location Dubai View on Google Maps (new window)


MEESEC Forum 2013 focuses on energy geo-politics, security operations management, cyber security and maritime security within oil, gas and petrochemical industries.

25th November 2013, Dubai

Constant changes in energy dependence is also changing the dynamics in energy security. Highlighting the latest strategies and technologies to effectively mitigate threats, the 9th Middle East Energy Security (MEESEC) Forum commenced today at Habtoor Grand Beach Resort and Spa, Dubai. Chairing the conference today is Robin Mills, Energy Strategist and Economist and author of ‘The Myth of the Oil Crisis’.

Dubai conducts SDRS feasibility study

From: TradeArabia

Dubai Smart Government (DSG) has begun conducting a feasibility study to understand and evaluate the current capabilities and needs for a shared disaster recovery site (SDRS) among Dubai Government entities.

It is being done in compliance with the recent Dubai Government Information Security Regulation among 31 government entities to manage a secure government information security environment, ensure business continuity and contribute to the sustainable development of Dubai as a smart city.

The objectives of the feasibility study are to identify pros and cons including implementation, location and operational costs of a Dubai Government SDRS.

U.S. government rarely uses best cybersecurity steps -advisers

From: Reuters

By Alina Selyukh

The U.S. government itself seldom follows the best cybersecurity practices and must drop its old operating systems and unsecured browsers as it tries to push the private sector to tighten its practices, technology advisers told President Barack Obama.

“The federal government rarely follows accepted best practices,” the President’s Council of Advisors on Science and Technology said in a report released on Friday.” It needs to lead by example and accelerate its efforts to make routine cyberattacks more difficult by implementing best practices for its own systems.”

Report highlights poor UK attitudes to mobile security


Warwick Ashford

Businesses should note that many UK mobile users do not take security precautions and do not know how to guard against data theft, says a report by security firm Trend Micro.

A survey of 2,500 UK mobile users found that 27% have lost up to three company devices and 52% regularly carry a mobile device containing sensitive work data, putting their employers and customers at risk of fraud.

The survey revealed that 61% who use their devices for work do not use password protection, 20% use their personal smartphones for business, and 63% use the same or similar passwords for all accounts.

New network security requirements for U.S. defense contractors

From: UPI

U.S. defense contractors are now required to incorporate established information  security standards on their unclassified networks.

Under an amendment to the U.S. Defense Federal Acquisition Supplement, they  are also required to report incidents of cyber-intrusions that result in the  loss of unclassified, controlled technical information from their networks.

“Defense contractors throughout the department’s supply chain have been  targeted by cyber-criminals attempting to steal unclassified technical data,”  said Frank Kendall, undersecretary of defense for acquisition, technology and  logistics.

Cyber-risk Transparency Spurring Cyber-insurance Interest


US public companies are more forthcoming with details regarding their cybersecurity risk profiles – and more transparency regarding cyber-risk and cyber-attacks is expected to drive greater adoption of cyber-insurance as a means of demonstrating better corporate risk management.

“It is becoming a mainstream assumption that insurance carriers can help organizations with cyber-risk management, both in the traditional risk transfer sense and in the broader sense that they can act as neutral arbiters of cybersecurity best practices,” said NSS Labs’ Andrew Braunberg, writing in an analyst brief. “This is readily demonstrated in the recent push by the White House to promote greater insurance carrier participation in the National Institute of Standards and Technology (NIST) effort to create a cybersecurity best practices framework for critical infrastructure providers.”

ECJ Rules Exceptions to Obligation to Notify Data Subjects of Processing Are Optional

From: Bloomberg BNA

By Stephen Gardner

European Union member statesaren’t obliged to allow exceptions to the requirement that data processors inform data subjects about the processing of their personal data, notwithstanding a list of circumstances in the EU Data Protection Directive (95/46/EC) in which exceptions can be permitted, according to a ruling of the European Union Court of Justice (Institut professionnel des agents immobiliers (IPI) v. Englebert, E.C.J., No. C-473/12, 11/07/13)

How federal cybersecurity measures can apply to healthcare

From: GovernmentHealthIT

Erin McCann, Contributing Editor

Risk management never ends, says Jason Gates, an analyst in the engagement and resilience branch within the Office of Cybersecurity and Communications at Homeland Security.

“New cyber threats, vulnerabilities and consequences require the constant modification of risk management strategy,” he told attendees of a Nov. 14 virtual event focused on security within the healthcare industry.

This strategy proves necessary at every level of a healthcare organization, he said, including assets, facilities, IT systems, security and legal teams. If these strategies are implemented and maintained properly, and staff is trained appropriately, it can help avoid a whole lot of drama.